| 제목 | Industrial Application Software - IAS Canias ERP 8.03-- Use of Hard-coded Cryptographic Key (CWE-321) |
|---|
| 설명 | A vulnerability was found in Industrial Application Software caniasERP 8.03 and classified as high. This vulnerability affects the crypto classes of the component Client JAR Files distributed via the JNLP deployment endpoint. The manipulation leads to use of hard-coded cryptographic keys. Multiple encryption keys are embedded as compile-time constants including AES-128, AES-256, Triple DES, DES-56 (cryptographically broken), Blowfish, and a server configuration file decryption key. The JAR files are downloadable without authentication over plain HTTP via the JNLP endpoint, exposing all keys to any network-level attacker. Combined with the FILETRANSFER vulnerability, these keys allow decryption of the server configuration file to obtain plaintext database credentials.
Discovered by Bilal Güneş (@b1lal) of HawkTrace. |
|---|
| 사용자 | b1lal (UID 97312) |
|---|
| 제출 | 2026. 04. 20. PM 06:13 (2 개월 ago) |
|---|
| 모더레이션 | 2026. 05. 09. PM 06:33 (19 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 362459 [Industrial Application Software IAS Canias ERP 8.03 JNLP Deployment Endpoint 약한 암호화] |
|---|
| 포인트들 | 17 |
|---|